Palo Alto PA-1420 Firewall
PA-1420
- Ports 1 through 4 — 10Mbps/100Mbps/1Gbps
- Ports 5 through 12 — 10Mbps/100Mbps/1Gbps/2.5Gbps/5Gbps
On both the PA-1410 and PA-1420, port 1 is a Zero Touch Provisioning (ZTP) port. The ZTP port can be used to automate the on-boarding of new firewalls to a Panorama management server. To use the ZTP port, read how to boot the firewall in ZTP mode.
On both the PA-1410 and PA-1420, ports 9, 10, 11, and 12 are Power Over Ethernet (PoE) ports. They can be configured to transfer power to a connected device. Refer to the PAN-OS Networking Admin Guide for PoE configuration information.
PA-1420
- Ports 13 and 14 — 1Gbps
- Ports 15 through 22 — 1Gbps/10Gbps
One SFP+ (10Gbps) port (supports both SFP and SFP+ transceivers or cables).
HSCI port
Use this port to connect two PA-1400 Series firewalls in a high availability (HA) configuration as follows:
- In an active/passive configuration, this port is for HA2 (data link).
- In an active/active configuration, you can configure this port for HA2 and HA3. HA3 is used for packet forwarding for asymmetrically routed sessions that require Layer 7 inspection for App-ID and Content-ID.
The PAN-PA-1420 firewall allows you to integrate SD-WAN with Palo Alto’s industry-leading security safely. It maximizes the end-user experience with minimized latency and packet loss. This firewall is managed with Palo Alto’s Panorama network management interface, which allows centralized network administration, visibility, and configuration sharing. The PAN-PA-1420 is ideal for branch offices and small to medium-sized businesses.
Quick Specs:
- Firewall throughput: 9.5 Gbps
- IPsec VPN throughput: 6.5 Gbps
- New sessions per second: 140,000
- 240GB SSD
| Properties | Palo Alto PAN-PA-1420 Firewall |
| Description | Palo Alto Networks PA-1420 - Security appliance - 10 GigE, 5 GigE, 2.5 GigE - front-to-back airflow - 1U - rack-mountable |
| Product Family | PA-1400 Series Firewalls |
| Product Type | Firewall |
| Key Features: | MTBF: 24 years Point-to-Point Protocol over Ethernet (PPPoE) Firewall throughput (HTTP/appmix): 9.9/9.5 Gbps |
| Advanced Features | Advanced Threat Prevention Advanced WildFire Advanced URL Filtering DNS Security Enterprise DLP SaaS Security IoT Security |
| Specifications | Palo Alto PAN-PA-1420 Firewall |
| Performance and Capacities | |
| Firewall throughput (HTTP/appmix) (Firewall throughput is measured with App-ID and logging enabled, with 64 KB HTTP/appmix transactions.) | 9.9/9.5 Gbps |
| Threat Prevention throughput (HTTP/appmix) (Threat Prevention throughput measured with App-ID, IPS, antivirus, antispyware, WildFire, DNS Security, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions) | 5.0/4.8 Gbps |
| IPsec VPN throughput ( IPsec VPN throughput is measured with 64 KB HTTP transactions, and logging enabled.) | 6.5 Gbps |
| Max concurrent sessions (Max concurrent sessions are measured utilizing HTTP transactions.) | 1,400,000 |
| New sessions per second (New sessions per second is measured with application override, utilizing 1 byte HTTP transactions.) | 140.000 |
| Virtual systems (base/max) (Adding virtual systems over base quantity requires a separately purchased license) | (1/6) |
| Note: Results were measured on PAN-OS 11.0. | |
| Networking Features | |
| Interface Modes | L2, L3, tap, virtual wire (transparent mode) |
| Routing | OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, static routing Policy-based forwarding Point-to-Point Protocol over Ethernet (PPPoE) Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3 |
| SD-WAN | Path quality measurement (jitter, packet loss, latency) Initial path selection (PBF) Dynamic path change |
| IPv6 | L2, L3, tap, virtual wire (transparent mode) Features: App-ID, User-ID, Content-ID, WildFire, and SSL decryption SLAAC |
| IPsec and SSL VPN | Key exchange: manual key, IKEv1, and IKEv2 (pre-shared key, certificate-based authentication) Encryption: 3des, AES (128-bit, 192-bit, 256-bit) Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512 GlobalProtect Large Scale VPN for simplified configuration and management (Requires GlobalProtect license.) Secure access over IPsec and SSL VPN tunnels using GlobalProtect gateway and portals (Requires GlobalProtect license.) |
| VLANs | 802.1Q VLAN tags per device/per interface: 4,094/4,094 Aggregate interfaces (802.3ad), LACP |
| Network Address Translation | NAT modes (IPv4): static IP, Dynamic IP, Dynamic IP and Port (port address translation) NAT64, NPTv6 Additional NAT features: Dynamic IP reservation, tunable Dynamic IP and Port oversubscription |
| High Availability | Modes: active/active, active/passive Failure detection: path monitoring, interface monitoring |
| Zero Touch Provisioning (ZTP) | Requires Panorama 9.1.3 or higher that is managing PA-1400 Series with PAN-OS 11.0 or higher |
| Hardware Specifications | |
| I/O | 10/100/1000 (4), 1G/2.5G/5G (4), 1G/2.5G/5G (4)/PoE, 1G SFP (2), 1G/10G SFP/SFP+ (8) |
| Management I/O | 10/100/1000 out-of-band management port (1) HSCI 10 gigabit high availability (1) RJ-45 console port (1) USB port (1) Micro USB console port (1) |
| Power over Ethernet (PoE) | Total PoE Power Budget: 151W, Maximum load on single port: 90W |
| Storage Capacity | 240 GB SSD |
| Power Supply (Avg/Max Power Consumption) | AC 450W power supply (1); Optional for purchase 2nd AC 450W power supply (1) |
| Power Consumption (Avg/Max) | 260 W/300 W (Power consumption values include a 150 W PoE load.) |
| Mean Time Before Failure (MTBF) | 24 Years |
| Input Voltage Frequency | 100–240 VAC (50–60 Hz) |
| Rack Mount Dimensions | PA-1420: 1U, 19" standard rack (1.70" H x 14.15" D x 17.15" W) |
| Weight (Standalone Device/As Shipped) | 15.5 lbs |
| Safety | cTUVus, CB |
| EMI | FCC Class A, CE Class A, VCCI Class A |
| Environment | Operating temperature: 0°C to 40°C at 10,000 feet Nonoperating temperature: -4°F to 158°F; -20°C to 70°C |
| Airflow | Front to back |
No comments:
Post a Comment